diff --git a/.evergreen/csfle/kms_failpoint_server.py b/.evergreen/csfle/kms_failpoint_server.py
index 5930297c..76ecaaa7 100644
--- a/.evergreen/csfle/kms_failpoint_server.py
+++ b/.evergreen/csfle/kms_failpoint_server.py
@@ -45,16 +45,11 @@ def __init__(self, server_address, Handler, use_tls=True):
 ca_file = os.path.join(server_dir, "..", "x509gen", "ca.pem")
 context = ssl.SSLContext(ssl.PROTOCOL_TLS)
- context.verify_mode = ssl.CERT_REQUIRED
 context.load_verify_locations(ca_file)
 context.load_cert_chain(cert_file)
+ context.verify_mode = ssl.CERT_NONE
- self.socket = context.wrap_socket(
- self.socket,
- server_side=True,
- do_handshake_on_connect=False,
- suppress_ragged_eofs=True,
- )
+ self.socket = context.wrap_socket(self.socket, server_side=True)
 class Handler(http.server.BaseHTTPRequestHandler):
diff --git a/.evergreen/csfle/kms_http_common.py b/.evergreen/csfle/kms_http_common.py
index 44cecc11..ddd75e6f 100644
--- a/.evergreen/csfle/kms_http_common.py
+++ b/.evergreen/csfle/kms_http_common.py
@@ -141,18 +141,14 @@ def run(
 httpd = server_class(server_address, handler_class)
 context = ssl.SSLContext(ssl.PROTOCOL_TLS)
- context.verify_mode = ssl.CERT_REQUIRED
 context.load_verify_locations(ca_file)
 context.load_cert_chain(cert_file)
 if cert_required:
 context.verify_mode = ssl.CERT_REQUIRED
+ else:
+ context.verify_mode = ssl.CERT_NONE
- httpd.socket = context.wrap_socket(
- httpd.socket,
- server_side=True,
- do_handshake_on_connect=False,
- suppress_ragged_eofs=True,
- )
+ httpd.socket = context.wrap_socket(httpd.socket, server_side=True)
 print("Mock KMS Web Server Listening on port " + str(server_address[1]))
 httpd.serve_forever()
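Review bot: Dropping `do_handshake_on_connect=False` from the `wrap_socket` call in kms_failpoint_server.py moves the TLS handshake into `accept()` on the listening socket, since the parameter defaults to True. A peer that connects and never finishes the handshake can then hold up the accept loop, and any handshake failure surfaces from `accept()` rather than from the request handler; whether the server class is threaded is not visible here, so the impact is inferred. The `httpd.socket = context.wrap_socket(httpd.socket, server_side=True)` line in kms_http_common.py has the same issue. If the deferred handshake was removed on purpose, a comment saying why would help; otherwise keep it, e.g. `self.socket = context.wrap_socket(self.socket, server_side=True, do_handshake_on_connect=False)`. The enclosing `__init__` starts and continues outside the hunk.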
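Review bot: The new `else` branch in `run()` of kms_http_common.py makes `cert_required=False` really switch off client-certificate verification, which the old code never did because `CERT_REQUIRED` was assigned unconditionally a few lines earlier, and nothing in the hunk records that this relaxation is deliberate. A comment on the branch such as `# mock KMS server: client certificates are only verified when cert_required is set` would make the intent explicit, and the startup `print` could report which mode is active. With `CERT_NONE` the preceding `context.load_verify_locations(ca_file)` no longer has any effect. The failpoint server hunk hard-codes `CERT_NONE` with no equivalent switch, so the two servers now differ. The signature of `run` and the default of `cert_required` are outside the hunk, so which callers are affected cannot be told from here.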